Stay Awake, Popular Apps Are Not Sure Safe

Stay Awake, Popular Apps Are Not Sure Safe

People usually assume safe apps when using popular apps with good ratings and downloaded from the official app store . This is not entirely true.

Usually this application is developed with security priority and has been reviewed by the security team of the app store.  However, researchers from Kaspersky Lab claim to find the ad SDK contained in the application actually causes a leak of user data. https://tampang.com

The app will show a malicious ad, not the intended ad. The user will then be directed to download the promoted app, which turned out to be malware so put them in danger.

While analyzing some popular dating applications, Kaspersky Lab found that unencrypted user data is transmitted across unsafe HTTP protocols, thus posing a risk of data leakage.

This shortcoming is due to some applications using third-party direct advertising SDKs that are part of the most popular ad networks. This app opens a security hole against the theft of personal data, modifications and can be used for subsequent attacks that keep users unprotected.

The number of applications using the claimed SDK reaches millions, with most transmitting at least one part of the data below without encryption:

1. Personal information, mostly in the form of username, age and gender.

2. Data on phone numbers and email addresses

A more in-depth analysis of this application indicates that data is transmitted unencrypted and over HTTP, which means this unprotected current is transferred to the server .

Due to the lack of encryption, data can be blocked on the street by anyone, either over unprotected Wi-Fi networks by Internet service providers or through malware on home routers.

"At first we thought this was just a case of carelessness in making applications, but the reality is surprising," said Roman Unuchek, security researcher at Kaspersky Lab.

To avoid leaking your personal data and to anticipate future attacks, Kaspersky Lab researchers advise users to perform the following steps:

1. Check the permissions requested by your application. Do not allow something you do not know why and what's the point. For example, many apps do not require access to your location, do not allow it if this app does not need it.

2. Use virtual private network (VPN). This function will encrypt network traffic between your device to the server. Although packets sent will remain unencrypted behind the VPN server, but at least the risk of leakage is reduced during the process.

The SDK itself is an application development tool that is often distributed for free to allow software makers to focus on their apps, while entrusting other features to a ready-made SDK. App developers typically usethird-party coding to save time.

For example, the advertising SDK collects user data to show relevant ads, which helps developers monetize their products. This kit sends user data to popular ad network domains in order to show targeted ads.